United States Patent [i9] 

Pearson et al. 



11 



US005991408A 
[11] Patent Number: 
[45] Date of Patent: 



ill 



5,991,408 
Nov. 23, 1999 



[54] IDENTIFICATION AND SECURITY USING 
BIOMETRIC MEASUREMENTS 

[75] Inventors: Peter Kelley Pearson, Livermore; 

Thomas Edward Rowley, San Jose; 
Jimmy Ray Upton, Mountain View, all 
of Calif. 

[73] Assignee: Veridicom, Inc., Santa Clara, Calif. 

[21] Appl. No.: 08/857,642 
[22] Filed: May 16, 1997 

[51] Int. CJ.^ H04L 9/00 

[52] U.S. CI 380/23; 380/25; 382/116 

[58] Field of Search 380/23, 25, 30; 

382/115-119 

[56] References Cited 

U.S. PATENT DOCUMENTS 

4,438,824 3/1984 Meuller-Schloer 380/30 

4,993,068 2/1991 Piosenka et al 380/23 

5,229,764 7/1993 Matchett et al 340/825.34 

5,280,527 1/1994 Gull man et al 380/23 

5,384,846 1/1995 Berson et al 380/23 

5,469,506 11/1995 Berson et al 380/23 

5,473,144 12/1995 Matliurin, Jr. 235/380 

5,509,083 4/1996 Abtahi et al 382/124 

5,541,994 7/1996 Tomko et al 380/30 

5,581,630 12/1996 Bonneau, Jr 382/116 

5,598,474 1/1997 Johnson 380/23 



5,680,460 10/1997 Tomko et al 

OTHER PUBLICAnONS 



380/23 



Hopcroft, J. et al., "Introduction to Automata Theory, Lan- 
guages, and Computation", Chapter 3, Adisson-Wesley 
Publishing Co., Massachusetts (1979), pp. 320-376. 
Aho, A. et al,, "The Design and Analysis of Computer 
Algorithms", Chapters 10 and 11, Addison-Wesley Publish- 
ing Co., Massachusetts (1974), pp. 364-425. 

Primary Examiner — Salvatore Cangialosi 

Attorney^ Agent, or Firm — Skj erven, Monill, MacPherson, 

Franklin & Friel LLP; Alan H. MacPherson; Elaine H. Lo 



[57] 



ABSTRACT 



The present invention makes it possible for a user to have a 
security key created from one or more biometric elements of 
the user, such as a fingerprint. For example, a biometric 
feature or combination of biometric features of the user can 
be used to create an instance of a problem which can only 
be solved by data inherent in the biometric feature or 
combination of biometric features. The user can supply the 
data to solve the problem by inputting, through an appro- 
priate input device, an image, or other representation of the 
biometric elements from which the data that will solve the 
instance of the problem is derived. If problem is solved, 
either completely or partially, using the derived data then the 
identity of the user can either be verified or ascertained, the 
solution can then be used for other purposes such as the 
generation of a cryptographic key. 

22 Claims, 5 Drawing Sheets 




GENERATE 
CRYPTOGRAPHIC KEY 
AND DECRYPT DATA 



10/23/2003, EAST Version: 1.04.0000 



U.S. Patent 



Nov. 23, 1999 



Sheet 1 of 5 



5,991,408 



COMPUTER SYSTEM 
104 



100 



SENSOR 
101 



102 

A. 



MEMORY 112 



REPRESENTATION 
OF FINGERPRINT 
116 



INSTANCE OF 

PROBLEM 
(ENCODED AND 
CAMOUFLAGED) 
118 



INTERFACE 
106 



110 



^114 



PROCESSOR 
108 



FIGURE 1 



COMPUTER SYSTEM 
404 



400 



MEMORY 412 



REPRESENTATION 
OF USER 
FINGERPRINT 
416 



INSTANCE OF 
PROBLEM 
418 



SENSOR 


402 

s 




INTERFACE 


410 


401 






406 















414 



PROCESSOR 
408 



FIGURE 4 



10/23/2003, EAST Version: 1.04.0000 



A 



U.S. Patent 



Nov. 23, 1999 Sheet 2 of 5 



5,991,408 




(START)-^. 202 



READ IN REPRESENTATION 
OF FINGERPRINT FROM 
SENSOR 



IDENTIFY MINUTIAE 



ENCODE MINUTIAE AS 
VERTICES IN A GRAPH AND 
CONNECT VERTICES TO 
FORM A CLIQUE 







GENERATE 
CRYPTOGRAPHIC KEY 






CAMOUFLAGE CLIQUE BY 
ADDING VERTICES AND 
EDGES TO GRAPH 







IDENTIFY GRAPH WITH 
USER AND OUTPUT GRAPH 

TO PUBLIC STORAGE 
LOCATION, SMART CARD, 
OR STORE IT IN MEMORY 




END 



216 



204 



206 



208 



210 



212 



214 



FIGURE 2 



10/23/2003, EAST Version: 1.04.0000 



U.S. Patent Nov. 23, 1999 sheet 3 of 5 5,991,408 

302A 

/ 

302D 

302B 

/ 

FIGURE 3A 

302C 




10/23/2003, EAST Version: 1.04.0000 



U.S. Patent 



Nov. 23, 1999 Sheet 4 of 5 



5,991,408 



500 



READ IN 
REPRESENTATION 
OF FINGERPRINT 
FROM SENSOR 



504 




GENERATE 
CRYPTOGRAPHIC KEY 
AND DECRYPT DATA 



-516 



G^518 

FIGURE 5 



10/23/2003, EAST version: 1-04.0000 



U.S. Patent 



Nov. 23, 1999 Sheet 5 of 5 



5,991, 



600 



^ ( 



START 



602 







READ IN REPRESENTATION OF 
FINGERPRINT FROM SENSOR 






ATTEMPT TO PROVE KNOWLEDGE 
OF SOLUTION TO INSTANCE OF 
PROBLEM IDENTIFIED WITH USER 






IF PROOF SUCCESSFUL THEN 
GENERATE CRYPTOGRAPHIC 
KEY AND DECRYPT DATA 







604 



606 



( 



608 



END 



610 



FIGURE 6 



10/23/2003, EAST Version: 1,04.0000 



5,991,408 

1 2 

IDENTIFICATION AND SECURITY USING One embodiment of the present invention works as fol- 

BIOMETRIC MEASUREMENTS lows. A user is enrolled through an enrollment system which 

is preferably in a secure location. The user biometric ele- 

FIELD OF THE INVENTION ™ent that will serve as the key is sampled by an appropriate 

5 sensor. Any biometric element can be used, including a 

The present invention relates to systems and methods for fingerprint, a pahn print, a retinal scan, a picture of the user, 

using a biometric element to create a secure identification or a combination of these elements from one or more users. 

and verification system, and more specifically to an appa- [f the system is set up to use a fingerprint then the user will 

ratus and a method for creating a hard problem which has a have the designated fingerprint scanned into the system 

representation of a biometric clement as its solution. through a fingerprint sensor. This process can be as simple 

as the user pressing a finger on a sensor pad. The sensor pad 

DESCRIPTION OF RELATED ART then inputs a representation of the fingerprint into a com- 

_ . . r • 1. • 1 . • puter system. The representation of the fingerprint is then 

The identification or authentication of individuals is a c ui u-uuj* 

, , , 1 J . . 1- . used to construct an instance of a problem which has data 

problem that people and organizations must conrront on a j • j r .u — * * •* i *■ n <• ui *u 

^ , . ^ ^ r , - ^ . , , derived from the fineerprmt as its solution. Preferably the 

dauy basis. A variety 01 systems and methods are currently 15 . ^ o.. .i • jfc^i** i * i i 

i ■ * o v-j instance of the problem is dimcult to solve without knowl- 

used to protect information and property from unauthorized , *u « w 

• * -m- * . J *i. ^^^^ of the fingerpnnt. 

access or interference. These protection systems and meth- ™. ^T. .i 

ods include but are not limited to conventional keys, mag- ™' '"TH'^ °^ "'^ associated with the 

netic keys, magnetic strips on cards, "smart cards." Peisonal •''^°'"y °J users from which it was generated. To 

Identification Numbers (PINs), and passwords. 20 ^ ^ u ^ '^'T ^ u ^ ^ to correctly 

, ' , . . , identify users, it may be desirable to allow only known 

Each of these systems depends on a piece of critical ^^^^^^ (ems to generate instances of problems. The 

information or a physical access device for access to be identification of an instance of a problem as corresponding 

gamed. As long as the cnUcal raformation or access device (o a particular user or users may be only as reUable as the 

is retained by the nghtful user, access by others will be process used at the enrollment system to identify the user or 
deterred. However, if the critical information or access 25 the security ofthe system used to generate the instance of the 

device is secured from the nghtful owner whether by theft, problem identified with the user. 

fraud, duress, surveillance, or consent, someone other than According to one aspect of the present invention, a code 

tion or property. order to serve as proof that the instance of the problem was 

Beyond maintaining information in a secure area through generated in a secure fashion by a secure system or that it is 

locks or password protection, it is often desirable to store or otherwise reliable and uncomipted. According to another 

transmit information in an encrypted format so that even if aspect of the present invention, a cryptographic key can be 

the information falls into the hands of an unauthorized user, generated fi-om the user's fingerprint and used to encrypt 

it cannot be accessed without the cryptographic key. Even information. 

while encryption allows sensitive information to be securely j^^^^^^ embodiment of the present invention works as 
transmitted or stored in puWicly accessible areas, encryption fon^^^ ^ security system, access point controUer, or any 
suffers from the same short commgs of those security ^ther device that may be used to restrict access has a user 
methods discussed above. If the cryptographic key is lost, processing system in accordance with the present invention, 
stolen, or given away then unauthorized users may have ^he user processing system has a sensor that wiU obtain a 
access to the encrypted information. Since an encryption key representation of the appropriate biometric element from the 
cannot be easily memorized by the user like a PIN number ^^^^ jj^e example given above using a fingerprint, the 
or a combination to a lock, the encryption key must typically ^^^^^ ^ ^ fingerprint sensor. The user presses the appro- 
be stored m some physical medium. This leaves it vulnerable priate finger against the sensor and the sensor obtains a 
to misappropnation. representation of the fingerprint. The representation of the 
What is needed is a security method which has a key that fingerprint is encoded into a format that can be used by the 
cannot be easily misappropriated yet is convenient for the computer, and it is checked against an instance of the 
user to carry. Additionally, the lock should be difficult to problem. 

open without the key, and preferably, once the lock is There are a number of ways to determine which instance 
opened, the solution should be able to be used to generate a or instances of the problem the representation of the finger- 
cryptographic key so that encrypted information can be print should be checked against. According to one 
obtained by the user. embodiment, the user teUs the processing system who the 

r,^T^ « , . T,,r rr^xT. T^T^rx^,.™ r ^^cr ckims to be and the processing system downloads, 

SUMMARY OF THE INVENTION , j^^^^^ , J^^^^ , ^^^^.^^J 

The present invention makes it possible for a user to have 55 by the user, or any other location, the instance of the problem 

a security key created from one or more biometric elements identified with that person. The processing system then 

of the user, such as a fingerprint. For example, a feature or attempts to solve the instance of the problem using the 

combination of features of the user can be used to create an encoded version of the user's fingerprint. According to 

instance of a problem which can only be solved by data another embodiment, the processing system can access a 
inherent in the biometric feature or combination of features. 60 database of instances of the problem and determine which if 

The user can supply the data to solve the problem by any of the instances of the problem the encoded version of 

inputting, through an appropriate input device, an image, or the user's fingerprint solves. If an instance of the problem is 

other representation of the biometric elements from which solved then the user's identity is determined to be the 

the data that will solve the instance of the problem is identity associated with the instance of the problem solved 
derived. The problem is solved, either completely or 65 by the user's fingerprint. 

partially, using the derived data to verify the identity of the According to another aspect of the present invention, if 

user, or to provide other functions. the user's fingerprint only partially solves the instance of the 
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problem then this partial solution is used to reduce the work instance of the problem can be stored in a centralized 

required to find a more complete partial solution. A user's location available to the public, on a smart card, on the 

fingerprint may only partially solve the instance of the magnetic strip of a credit card, or in any other suitable 

problem associated with the user for any reason, including location. 

dirt masking a portion of the fingerprint or sensor, a faulty 5 According to one aspect of the invention the instance of 

sensor, variations in how the fingerprint is read by the the problem is produced by encoding features in the plurality 

sensor, or the intrinsic variability of biometric elements. of features into a plurality of encoded features. According to 

According to this aspect of the invention, a more complete another aspect of the invention the step of producing the 

partial solution can be found despite variability or errors in instance of the problem includes camouflaging the encoded 
sensors or in representations of a user's fingerprint, 10 features in the instance of the problem. 

According to another aspect of the present invention, if According to still another aspect of the present invention, 

the processing system solves the instance of the problem the user biometric element comprises pieces from more than 

then a cryptographic key can be generated from the solution one person, so that more than one person's presence is 

to the instance of the problem or from the user's fingerprint. required to solve the instance of the problem. 
This cryptographic key can be used to decrypt information 15 According to yet another aspect of the invention identi- 

meant for the user. For example, if the processing system is fying features in the plurality of features in the instance of 

used to control access to a computer, the contents of the the problem requires that a hard problem be solved. The hard 

computer's hard disk can be also be encrypted. The user problem can be an NP hard problem, preferably an NP 

gains access to the computer by pressing the appropriate complete problem, or most preferably an exponentially hard 

finger against a sensor on the computer connected to the problem to solve. A description of problem solving, 

processing system. The processing system then also gener- complexity, and NP, NP-hard, NP-complete, and cxponen- 

ates the cryptographic key used to decrypt the contents of the tial time problems can be found in the book "Computers and 

computer. For example, the cryptographic key can be used Intractability" by M. R. Garey and D. S. Johnson (1979). 

to decrypt the contents of a computer's hard disk or RAM This book is incorporated by reference, 
memory. 25 According to another aspect of the present invention 

The present invention provides a number of advantages. identifying features in the pluraUty of features in the 

The user's key is the solution or a partial solution to instance instance of the problem requires that a cUque be found in a 

of the problem. Since the user's key is constructed from the graph. According to still another aspect of the present 

user's biometric elements, the user does not have to remem- invention identifying features in the plurality of features in 

ber any information or carry a physical key or device, and the instance of the problem requires that a subset of elements 

the key cannot be easily stolen without the user's knowl- of a larger set of element be identified wherein the elements 

edge. Additionally, the user cannot easily give the key to in the subset satisfy a predetermined condition. According to 

another for unauthorized use outside the user's presence. another aspect of the present invention the predetermined 

Another advantage of the present invention is that the condition the elements of the subset must satisfy includes 

instance of the problem solved by the user's key can be the condition that the sum of numerical values assigned to 

made as difficult as desired by the those who implement the elements of the subset is equal to a predetermined number, 

system, making solving the problem without the key a According to another aspect of the present invention at 

practical impossibility. Yet another advantage of the present least a portion of the biometric element comprises an 

invention is that the degree of partial solution required by the element of a fingerprint, and the plurality features comprise 

system can be made as close to a full solution as desired by an element of a plurality of minutiae, 

those who implement the system, making obtaining the in another embodiment of the present invention a system 

required degree of partial solution as difficult as desired by and method for processing a user in a biometric based 

those who implement the system. system includes storing in a memory information compris- 

Still another advantage of the present invention is that the ^5 ing an instance of a problem based on features in the 

system and method can be used to correct for or overcome plurality of features. According to another aspect of the 

variations in the biometric element or the representation of present invention a representation of a user biometric ele- 

the biometric element by using the representation of the ment is received. The representation includes a plurality of 

biometric element as an approximation to the solution to the user features. In another aspect of the present invention it is 

instance of the problem. A more complete solution is then determined if the user features in the plurality of user 

found using the approximation of the solution. A further features partially solve the instance of the problem, 

advantage of the present system is that the solution or partial In yet another aspect of the present invention user features 

solution to the problem can itself be used to generate a in the plurality of user features are used to identify a partial 

cryptographic key which can be used to retrieve encrypted solution to the instance of the problem. The partial solution 
information of any type. 55 is then used to obtain a more complete partial solution. 

Thus, the present invention can be characterized as having According to another aspect of the invention solving the 

two separate components. An cnrolhnent system or method instance of the problem requires that a hard problem be 

in which users are enrolled in the security system, and a solved. The hard problem can be an NP hard problem, 

processing system or method in which a user's identity is preferably an NP complete problem, or most preferably an 
checked by the system. 60 exponentially hard problem to solve. According to yet 

The system or method for enrolling a user in a biometric another aspect of the present problem the instance of the 

based verification system can be characterized as follows. A problem requires that a clique be identified in a graph, 

representation of a biometric element of the user is received. According to another aspect of the present invention at 

Tlie representation includes a plurality of features. The least a portion of the user biometric element comprises an 
plurality of features are used to produce an instance of a 65 element of a fingerprint, and the plurality features comprise 

problem. The instance of the problem is then output to a a plurality of minutiae of the fingerprint. According to still 

memory location from which it can be retrieved. The another aspect of the present invention the solution or a 
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partial solution to the problem is xised to create a key. 104 includes interface 106 and processor 108 connected by 

Preferably the key is a cryptographic key. According to still interface-processor bus 110. Memory 112 is connected to 

another aspect of the present invention the plurality of user processor 108 by memory-processor bus 114. 

biometric elements are used to provide evidence that a Computer system 104 generically represents any type of 

solution or a partial solution to the instance of the problem 5 computer system, such as a microprocessor-based system, a 

has been found. Preferably providing evidence that a solu- mainframe system, or any other type of general or special 

tion or a partial solution to the instance of the problem has purpose computing system which includes an interface, a 

been found is through the use of zero knowledge proof of processor, and a memory. Processor 108 is any type of 

knowledge. processor such as a microprocessor, dedicated logic, a digital 

signal processor, a programmable gate array, a neural 

BRIEF DESCRIPTION OF THE FIGURES network, or a central processor unit implemented in any 

^ . .1 1 1, . » other technology. Stored in memory 112 is representation of 

FIG. 1 ,s a block diagram lUustraUng a system to enroU fingerprint U6 (or any other biometric element) and instance 

users m accordance with an aspect of the present mvention. problem 118 

FIG, 2 is a flow chart iUustrating the sequence of opera- Representation of fingerprint U6 is input to computer 

tions involved in enrolling a user in accordance with an ^5 ^y^^^^^ io4 through input-output line 102 and stored in 

aspect of the present invention. memory 112. As described below, representation of finger- 

FIG. 3 is a diagram illustrating a simplified example of a print 116 is encoded and camouflaged in instance of problem 

fingerprint encoded as vertices in a graph, vertices forming 118 which is stored in memory 112. Instance of problem 118 

a clique, and camouflaging of the clique with camouflage is then output to a location from which it can be retrieved for 

vertices and edges. future use. 

FIG. 4 is a block diagram iUustrating a system to process F^G- ^ is a flow chart of the sequence of operations 

users in accordance with an aspect of the present invention, ^^"^oly^^ in enrolling a user in the enroUment system m 

^. „ 1 -^1 . 1 r accordance With an aspect of the present mvention. EnroU- 

HG. 5 IS a flow chart lUustratmg the sequence of opera- ^^^^ flowchart 200 starts at step 202, which is the start state, 

tions involved m processmg a user m accordance with an ^5 This system next proceeds to step 204. 

aspect of the present invention. ^^^p 204, representation of fingerprint 116 is read from 

FIG. 6 is a flow chart illustrating the sequence of opera- sensor 101 into computer system 104 through input-output 

tions involved in processing a user in accordance with line 102. The system then proceeds to step 206. In step 206, 

another embodiment of the present invention. the minutiae present in representation of fingerprint 116 are 

DETAILED DESCRIPTION ''^'J^'^f- "f?;. T."" "'^".Pf°"*''%'°;'«P ^O*- 

In step 208, the minutiae identified in step 206 are 

The foUowing description is presented to enable a person encoded as vertices in a graph. The minutiae are encoded by 

skilled in the art to make and use the invention, and is representing them by their relative locations in representa- 

provided in the context of a particular application and its tion of fingerprint 116, For purposes of fllustration, a graph 

requirements. Various modifications to the disclosed 35 with 4 vertices 302 A-D is shown in FIG. 3a. In FIG. 3fe, the 

embodiments will be readUy apparent to those skiUed in the vertices in the graph are then connected by edges 304 to 

art, and the general principles defined herein may be applied form a clique. In one embodiment of the present invention 

to other embodiments and applications without departing the connections of the vertices are represented in memory 

from the spirit and scope of the invention. Thus, the present 112 by an NxN matrix in which N is the number of vertices, 

invention is not intended to be limited to the embodiments 40 If two vertices are connected then a "V is placed in the array 

disclosed, but is to be accorded the widest scope consistent at the intersection of the row and column representing the 

with the principles and features disclosed herein. two vertices. If there is no connection then a "0" is placed 

FIG. 1 is a diagram illustrating enrollment system 100. at the intersection. At this stage, since all of the vertices are 

Enrollment system 100 is preferably a secure system. connected to form the clique, the array contains only "l"'s. 

EnroUment system 100 includes sensor 101 which produces 45 The system then proceeds to step 210. At step 210 a 

a representation of a biometric element such as fingerprints, cryptographic key is generated, if desired, from the vertices 

retinas, palm prints, irises, faces, signature, or any other of the clique. A cryptographic key can be generated, for 

biometric element. Although only one sensor is shown in example, as a function of the relative distances of specified 

FIG. 1, any number of sensors could be connected to the vertices in the clique from a fixed point in the graph. Any 

system in any combination allowing biometric features from 50 method can be used to generate a cryptographic key as long 

more than one portion of a single body or more than one as the method reliably generates a unique key from the 

body to be used. Sensor 101 genericaUy represents any type biometric elements of different users. ApubUc key can then 

of sensor including a camera, a fingerprint sensor, a laser be generated and identified as associated with the graph so 

based sensor, a pressure sensor to detect a written signature, that encrypted information can be securely sent to the user 

or any other type of sensor that can be used to detect a 55 who knows the location of the clique in the graph. In this 

biometric element. Examples of sensors are described in embodiment, since the private key is generated from the 

U.S. patent application No. 08/573,100, entitled "Finger- clique itself, only the user who can identify the chque in the 

print Acquisition Sensor," inventors: Alexander G. graph can decrypt the encrypted message. 

Dickinson, Ross McPherson, Sunetra Mendis and Paul C. The system then proceeds to step 212. At step 212, the 

Ross, filed Dec. 15, 1995, and U.S. Apphcation entitled eo clique is camouflaged through the addition of vertices and 

"Capacitive Fingerprint Sensor with Adjustable Gain," edges to the graph. The addition of camouflage vertices 306 

inventors: Alexander G. Dickinson, Ross McPherson, Sun- and camouflage edges 308 is represented in FIG. 3c. Vertices 

etra Mendis and Paul C. Ross, filed May 13, 1997. Both are added by generating a location for each camouflage 

applications arc commonly owned with the present apphca- vertex and inserting rows and columns in the array at the 

tion and both applications are incorporated by reference 65 appropriate locations. Camouflage edges are then generated 

Sensor 101 is connected to input-output Une 102 which is by placing either a "1" or a "C* in the newly generated rows 

itself connected to computer system 104. Computer system and columns. 
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Care must be taken in how the camouflage vertices and fingerprint 416 can be in any form desired. If it is not yet 

edges are added to the graph in order to ensure that the encoded so that it can be matched against an instance of a 

camouflage vertices and edges cannot be discerned from the problem, then processor 408 will encode it as appropriate, 

vertices and edges that form the clique. One way to achieve Any method of encoding can be used that will allow 
this result is to randomly place the camouflage vertices in the 5 representation of fingerprint 416 to be matched against 

graph and randomly connect edges to the vertices until each instance of the problem 418. For example, representation of 

vertex has approximately the same number of edges attached fingerprint 416 is encoded by the same method as described 

to it. above for the enrollment system. 

In order to make it difficult to find the clique camouflaged xhe system then proceeds to step 506, At step 506 the 
in the graph at least 5 minutiae should be encoded in the lO system determines if there is an instance of the problem 418 

clique and at least 5 camouflage vertices should be gener- against which the system has not yet checked representation 

ated. Preferably 20 or more minutiae should be encoded in of user fingerprint 416. If there is an instance of a problem 

the clique and also preferably 20 or more camouflage 418 against which the representation of user fingerprint 416 

vertices should be generated. More preferably 40 or more has not been checked, then a new instance of the problem 

minutiae should be encoded in the clique and also more 15 ^^^^ memory 412. If there is no new instance of 

preferably 100 or more camouflage vertices should be the problem 418 to be read in, then the system goes to step 

generated. Even more preferably 60 or more minutiae 508 and reports no match. 

should be encoded in the clique and also even more pref- g ^^^^^ ^qq be used for example, in 

erably 300 or more camouflage verUces should be generated. ^ distinct types of user processing: authentication and iden- 

Most preferably, 60 more mmutiae should be encoded in the 20 ^^^^^^^ authentication, the instance of the 

clique and also most preferably 500 or more camouflage problem corresponding to the person the user claims to be is 

vertices should be generated. ^^^^^ ^^^p identification, a plurality of 

The system next proceeds to step 214. At step 214 the instances of a problem are input successively in step 510. 

encoded and camouflaged instance of the problem 118 is xhe plurahty of instances of the problem are preferably 

then output from computer system 104 through input-output chosen so that the user's identity can be determined to 

line 102 along with the associated public key if one was correspond to the identity associated with one of the 

generated. Encoded and camouflaged instance of problem instances of the problem in the plurality of instances of the 

118 may be output to a pubUc storage location, a smart card, problem. The system and method of the present invention 

or retained in memory. can also be used to ensure that a user is not on a given list 

FIG. 4 is a diagram illustrating a system to process a user of users. This can be accomplished by, for example, main- 

in accordance with one aspect of the present invention, taining a database of a plurality of instances of the problem 

System for processing a user 400 includes a sensor 401 associated with user's who are to be denied access by the 

which produces a representation of a biometric element such system or method. 

as images of fingerprints, retinas, palm prints, irises, faces, j^^j- step 510 is completed, the system then goes to step 

signature, or any other biometric element. Although only 512 At step 512 the system decides if representation of user 

one sensor is shown in FIG. 4, any number of sensors could fingerprint 416 solves instance of problem 418. This is done 

be connected to the system in any combination aUowing ^y determining if the vertices in representation of user 

biometric features from more than one portion of a single fingerprint 416 match any of the vertices in the instance of 

body or more than one body to be used. Sensor 401 ttig problem loaded in step 510. If a match is found then it 

generically represents any type of sensor including a camera, determined if the matching vertices form a clique. If they 

a fingerprint sensor, a laser based sensor, a pressure sensor form a clique then the instance of the problem is solved, 

to detect a written signature, or any other type of sensor that jf ^ solution or a partial solution is not found, then the 

can be used to detect a biometric element. system loops to step 506. 

Sensor 401 is connected to input-output line 402 which is 45 According to another aspect of the present invention the 

itself connected to computer system 404. Computer system system and method can be used to correct for any variabiHty 

includes interface 406 and processor 408 connected by a representation of a biometric element from the rcpre- 

interface-processor bus 410. Memory 412 is connected to sentation used to create the instance of the problem. This is 

processor 408 by memory-processor bus 414. Stored in whether the origin of the variations is the biometric 
memory 412 is representation of user fingerprint 416 and 50 element itself, a sensor, or any other source or combination 

instance of problem 418. of sources. Conrection for variations can be accomplished. 

Computer system 404 generically represents any type of for example, as follows in the case in which flie system or 
computer system, such as a microprocessor-based system, a method uses a fingerprint as the biometric element. At step 
mainframe system, or any other type of general or special 512 when the system decides if representation of user 
purpose computing system which includes an interface, a 55 fingerprint 416 solves instance of problem 418, the system 
processor, and a memory. Processor 408 is any type of determines which vertices in representation of user finger- 
processor such as a microprocessor, dedicated logic, a digital print 416 match vertices in the clique in instance of problem 
signal processor, a programmable gate array, a neural 4I8. The system then uses the vertices that match to help 
network, or a central processor unit implemented in any locate more vertices in the chque in the instance of the 
other technology. 60 problem. In one aspect of the present invention, the system 

FIG. 5 is a flow chart of the sequence of operations uses other vertices in the representation of user fingerprint 

involved in processing a user in accordance with an aspect 416 to locate more vertices in the clique in instance of 

of the present invention. The system starts at step 502, which problem 418. This is accomphshed by determining if verti- 

is the start state. The system next proceeds to step 504. At ces in instance of problem 418 which are closest to 
step 504, representation of user fingerprint 416 is read from 65 unmatched vertices in representation of user fingerprint 416 

sensor 401 into computer system 404 through input-output are vertices in the clique in instance of problem 418. Any 
line 402 and then into memory 412. Representation of other technique or algorithm for matching which is com- 
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monly known in the art is suitable for this purpose. If after 
a predetermined time or a predetermined number of vertices 
in instance of problem 418 have been checked and no further 
vertices in the clique are found, then the system stops 
looking for more vertices in the clique in instance of s 
problem 418. 

If a solution or a partial solution is found, then step 514 
is executed. At step 514 the user is identified as being the 
person associated with instance of problem 418 loaded in 
step in step 510. If only a partial solution is found then this 
is reported. The system can be set so that either partial 
solutions of a predetermined completeness end the loop 
between steps 512 and 506, or the system continues to loop 
until a complete solution is found or there are no new 
instances of the problem to load in at step 506. 15 

If a solution is found, the system can be used to allow the 
user access to secure information, a secure area, or use of a 
device such as a computer or a cellular phone. According to 
another aspect of the present invention, when the solution is 
found, the system can attempt to prove to other systems or 
devices that it has found the solution. This can be achieved 
by releasing information that only one in possession of the 
answer would know. More preferable, proof of knowledge 
of the answer is achieve through the release by system 400 
of as little of the answer as is possible consistent with 
practical constraint such as time required to provide 
adequate proof and system data rates. Most preferably, the 
proof of knowledge of the answer by system 400 is accom- 
plished using a zero knowledge proof of knowledge. A 
description of proofs of knowledge and zero knowledge 
proofs of knowledge can be found in Applied Cryptology" 
by Bruce Schneier. This book is incorporated by reference. 

After step 514, the system then proceeds to step 516. At 
step 516, if it is desired, a private key is generated from the 
solution to the instance of the problem and can be used to 
decrypt information encrypted using the public key gener- 
ated during the enrollment process. The key can be used to 
decrypt information stored on a computer. The system then 
goes to step 518 and ends. 

FIG. 6 is a flow chart of the sequence of operations 
involved in processing a user in accordance with another 
embodiment of the present invention. The system starts at 
step 602, which is the start state. The system next proceeds 
to step 604. In step 604 the system reads into memory 412 
representation of user fingerprint 416. Representation of 
fingerprint 416 can be in any form desired. If it is not yet 
encoded so that it can be matched against an instance of a 
problem, then processor 408 will encode it as appropriate. 

The system then proceeds to step 606. At step 606 the 50 
system attempts to prove it has the answer to the instance of 
the problem associated with the user. As described above, 
this can be accomplished in a number of ways, including the 
use of a zero knowledge proof of knowledge. System 400 
will communicate dirough input-output port 402 with a 55 
location that stores the instance of the problem the user's 
representation of a fingerprint is claimed to solve. In this 
embodiment, system 400 need not store instance of problem 
418 in memory 412. If system 400 successfully provides 
enough evidence that the user's biometric element solves the go 
instance of the problem, then the user is identified as the user 
associated with the instance of the problem solved and 
access to the appropriate information or property is allowed. 
If enough evidence is not provided the identification fails 
and access is denied. 65 

The system next proceeds to step 608 where, if the 
problem was solved, a cryptographic key is generated, if 
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desired, from the solution to the problem. This key can be 
used as described above. The system then proceeds to step 
610 and ends. 

The foregoing description of embodiments of the present 
invention are presented for the purposes of illustration and 
description only. They are not intended to be exhaustive or 
to limit the invention to the forms disclosed. Many modi- 
fications and variations wiU be apparent to practitioners 
skilled in the art. It is intended that the scope of the invention 
be defined by the following claims and their equivalents. 

What is claimed is: 

1. A method for enrolling at least a first user in a biometric 
based verification system, comprising the steps of: 

receiving from a sensor a representation of a biometric 
element of the first user, the representation including a 
plurality of biometric features; 

determining a graph representing the relationships 
between the plurality of biometric features; 

adding a plurality of camouflaging vertices and edges to 
the graph to create a camouflaged graph; and 

storing the camouflaged graph with a first user identity 
information, the first user identity information identi- 
fying the first user as being the source of the plurality 
of biometric features. 

2. The method of claim 1, wherein the graph includes a 
plurality of vertices and a plurafity of edges, and wherein the 
determining the graph includes: 

representing biometric features in the plurality of biomet- 
ric features as vertices in the plurality of vertices; 

connecting vertices in the plurality of vertices with edges 
in the plurality of edges; and 

wherein the plurality of vertices and the plurahty of edges 
form a clique. 

3. The method of claim 1, wherein the camouflage edges 
in the plurality of camouflage edges are connected to the 
camouflage vertices in the plurality of camouflage vertices. 

4. The method of claim 1, further comprising determining 
a cryptographic key includes identifying a clique in the 
graph. 

5. The method of claim 1, wherein the biometric element 
comprises biometric elements from a second user. 

6. The method of claim 1, wherein the biometric element 
comprises an element of a fingerprint. 

7. The method of claim 1, wherein the biometric element 
comprises an element of a plurality of fingerprints. 

8. The method of claim 1, wherein the biometric element 
comprises an element of a palm print. 

9. The method of claim 1, wherein the biometric element 
comprises an element of an iris. 

10. The method of claim 1, wherein the biometric element 
comprises an element of a retina. 

11. A method for attempting to identify a user using a 
biometric based system, the method comprising: 

receiving a representation of a user biometric element 
from a sensor, the representation including a plurality 
of user features; 

accessing an instance of a problem, the problem having 
been created from a plurality of enrollment features, the 
plurality of enrollment features being previously iden- 
tified features corresponding to a biometric element, 
the instance of the problem being at least as difficult to 
solve as an NP complete problem; and 

attempting to at least partially solve the instance of the 
problem using user features in the plurality of features, 
and if the instance of the problem is at least partially 
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solved thcQ the user is identified as being a user 
associated with the instance of the problem. 

12. The method of claim 11, wherein: 

the instance of the problem comprises identifying features 
in the plurality of features, the plurality of features ^ 
including a plurality of minutia; and 

wherein the subset of elements satisfies a predetermined 
condition. 

13. The method of claim 12, wherein the predetermined 
condition is a numerical sum. 

14. The method of claim 12, wherein the instance of the 
problem includes identifying a chque in a graph, wherein the 
graph represents a plurality of features, and wherein the 
predetermined condition is a clique in a graph. 

15. The method of claim 11, wherein the instance of the 
problem comprises an NP-hard problem. 

16. The method of claim 11, wherein the instance of the 
problem comprises an exponentially hard problem. 

17. The method of claim 11, wherein the user biometric 
element comprises pieces from more than one person. 

18. The method of claim 11, wherein the user biometric 
element comprises an element of at least one of a fingerprint, 
a palm print, an element of an iris, and an element of a retina. 

19. The method of claim 11, wherein if the problem is 
solved, then the solution is used to create a cryptographic 
key for decrypting encrypted information, the encrypted 
information having been encrypted using a second crypto- 
graphic key corresponding to the cryptographic key, the 
second cryptographic key being created from said plurality 
of enrollment features. 

20. The method of claim 11, including the step of pro- 
viding evidence that the partial solution to the instance of the 
problem has been found, wherein the evidence corresponds 
to using a zero knowledge proof of knowledge. 
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21. A system for enrolling a user in an identification 
system, the system comprising: 

a sensor for receiving a representation of a biometric 
element of the user, the representation including a 
plurality of biometric features; 
a memory for storing the representation; and 
a processor, being coupled to the sensor and the memory; 
for determining a set of relationships between the 
plurality of biometric features, the set of relationships 
corresponding to a graph, the processor further for 
adding a plurality of camouflaging vertices and edges 
to the graph to create a camouflaged graph, and the 
processor further for storing the camouflaged graph 
with a user identity information, the user identity 
information identifying the user as being the source of 
the plurality of biometric features. 

22. A system for enrolling a user in an identification 
system, the system comprising: 

a first means for receiving a representation of a biometric 
element of the user, the representation including a 
plurality of biometric features; 
a second means for storing the representation; and 
a third means, being coupled to the first means and the 
second means; for determining a set of relationships 
between the plurality of biometric features, the set of 
relationships corresponding to a graph, the third means 
further for adding a plurality of camouflaging vertices 
and edges to the graph to create a camouflaged graph, 
and the third means further for storing the camouflaged 
graph with a user identity information, the user identity 
information identifying the user as being the source of 
the plurality of biometric features. 

***** 
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